A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
2020-02-17 07:10

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide, and worryingly, a few of them haven't yet been patched.

All SweynTooth flaws reside in the way software development kits (SDKs) used by multiple systems-on-a-chip (SoCs) have implemented Bluetooth Low Energy (BLE) wireless communication technology, which powers at least 480 distinct products from several vendors, including Samsung, FitBit and Xiaomi.

According to the researchers, hackers in close physical proximity to vulnerable devices can abuse these vulnerabilities to remotely trigger deadlocks and crashes, and even bypass security in BLE products, giving them arbitrary read or write access to device functions that are otherwise accessible only to an authorized user.

Invalid Connection Request - When devices do not properly handle some connection parameters while the central attempts a connection to the peripheral, they can enter a deadlock state.

"The most critical devices that could be severely impacted by SweynTooth are the medical products. VivaCheck Laboratories, which manufacture Blood Glucose Meters, has many products listed to use DA14580," the researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/l6jCGcibHXw/hacking-bluetooth-vulnerabilities.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bluetooth 4 3 10 3 0 16